These risk actors have been then able to steal AWS session tokens, the short term keys that enable you to request temporary credentials to your employer??s AWS account. By hijacking active tokens, the attackers were in the position to bypass MFA controls and acquire access to Safe and sound Wal